package cn.iocoder.yudao.module.lowcode.config;

import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;

/**
 * Magic API 安全配置 - 仅放行路径访问
 * 
 * @author 芋道源码
 */
@Configuration  
public class MagicApiSecurityConfig {

    @Bean("magicApiAuthorizeRequestsCustomizer")
    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
        return new AuthorizeRequestsCustomizer() {
            @Override
            public void customize(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
                // 简单放行Magic API相关路径
                registry.requestMatchers("/magic/**").permitAll();
            }
        };
    }
}